Bug 967199 - lightdm doesn't start with SELINUX=enforcing
Status: CLOSED DUPLICATE of bug 969090
Product: Fedora
Classification: Fedora
Component: selinux-policy
Assigned To: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
Reported: 2013-05-25 08:17 EDT by Eugene A. Pivnev
Modified: 2013-05-30 11:51 EDT

Doc Type: Bug Fix
Last Closed: 2013-05-30 11:51:45 EDT
Type: Bug

Description Eugene A. Pivnev 2013-05-25 08:17:21 EDT
Description of problem:

LightDM can't start with SELINUX=enforcing.
"Permissive" or "Disabled" - ok.

Version-Release number of selected component (if applicable):

* Fedora 18 (i686)
* lightdm-1.4.1-3.fc18.i686
* lightdm-razorqt-0.5.2-8.fc18.i686 (lightdm greeter)

How reproducible:

Steps to Reproduce:
1. yum install lightdm-razorqt
2. /etc/sysconfig/desktop: DISPLAYMANAGER=/usr/sbin/lightdm
3. /etc/selinux/config: SELINUX=enforcing
4. init 6

Additional info:

The problem appeared while creating the QtDesktop spin (http://fedoraproject.org/wiki/QtDesktop_Spin).
After "yum remove selinux-policy" and installing it again, lightdm started ok.
Now QtDesktop's *.ks contains "selinux --permissive".
Comment 1 Rex Dieter 2013-05-25 08:34:45 EDT
For what it's worth, during testing, I set selinux in permissive to get lightdm with lightdm-razorqt greeter to start ok. But I couldn't find anything relevant in /var/log/audit/audit.log (nothing mentioning lightdm anyway).
Comment 2 Miroslav Grepl 2013-05-27 09:48:59 EDT
Could it be tested with

# semodule -DB

re-test it and 

# ausearch -m avc,user_avc -ts recent |audit2allow
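
Added example, not part of the bug report or of any Fedora tool: a small Python sketch of the filtering that `ausearch -m avc,user_avc` performs, selecting denials by audit record type and SELinux context rather than by process name. The log lines, type names (`example_dm_t` etc.) and the `greeter-helper` command name are constructed for illustration.

```python
import re
from collections import Counter

# Constructed audit.log lines (NOT from this bug); all type and command names are made up.
SAMPLE_LOG = """\
type=AVC msg=audit(1369483041.101:201): avc:  denied  { read write } for  pid=811 comm="greeter-helper" name="state" dev="dm-0" ino=4021 scontext=system_u:system_r:example_dm_t:s0 tcontext=system_u:object_r:example_var_t:s0 tclass=file
type=SYSCALL msg=audit(1369483041.101:201): arch=40000003 syscall=5 success=no exit=-13 comm="greeter-helper"
type=USER_AVC msg=audit(1369483042.007:202): pid=1 uid=0 subj=system_u:system_r:init_t:s0 msg='avc:  denied  { start } for auid=-1 scontext=system_u:system_r:example_dm_t:s0 tcontext=system_u:object_r:example_unit_t:s0 tclass=service'
type=AVC msg=audit(1369483043.500:203): avc:  denied  { read write } for  pid=811 comm="greeter-helper" name="state" dev="dm-0" ino=4021 scontext=system_u:system_r:example_dm_t:s0 tcontext=system_u:object_r:example_var_t:s0 tclass=file
type=AVC msg=audit(1369483044.000:204): avc:  granted  { setenforce } for  pid=900 comm="setenforce" scontext=unconfined_u:unconfined_r:example_admin_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=security
"""

# Kernel (AVC) and userspace object manager (USER_AVC) denials share the
# "avc: denied { perms } ... scontext= tcontext= tclass=" layout.
AVC_RE = re.compile(
    r"^type=(?P<rtype>AVC|USER_AVC)\b.*?avc:\s+denied\s+\{(?P<perms>[^}]*)\}"
    r".*?scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\w+)"
)


def selinux_type(context):
    """Return the type field of a user:role:type:level context string."""
    return context.split(":")[2]


def summarize_denials(log_text):
    """Count denials by (source type, target type, class, sorted permissions)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if m is None:
            continue  # other record types and "granted" records are skipped
        perms = tuple(sorted(m["perms"].split()))
        counts[(selinux_type(m["scon"]), selinux_type(m["tcon"]), m["tclass"], perms)] += 1
    return counts


def lines_mentioning(log_text, word):
    """Naive text search by name, for comparison with the record-type filter."""
    return [line for line in log_text.splitlines() if word in line]


if __name__ == "__main__":
    print("lines containing 'lightdm':", len(lines_mentioning(SAMPLE_LOG, "lightdm")))
    for key, n in summarize_denials(SAMPLE_LOG).items():
        print(n, key)
```

`semodule -DB` rebuilds the policy with dontaudit rules disabled so that otherwise silent denials are logged; `semodule -B` rebuilds it with them enabled again once the denials have been collected.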
Comment 3 Rex Dieter 2013-05-30 11:51:45 EDT
sealert finally showed me the denial, see bug #969090

*** This bug has been marked as a duplicate of bug 969090 ***
